in reply to Re: Send a Standard looking 404 error to unwanted vistors
in thread Send a Standard looking 404 error to unwanted vistors

I should give a little background as to why I am doing this.

My wife and I post family pictures and house pictures on the web. My wife also goes on talkers and makes a lot of friends. She only gives out the webpage to friends but sometimes others get it, and then harass her.

We are about to move into our new house, and when we do, she is going to drop the external website and use the Server that I am putting together.

Family members will have a redirection site to get to the pages, but others will have the direct site.

Here is how the direct site works. When my wife gives out the site to someone, she goes to a page that only allows access from the localhost:).

The system will e-mail the person with the neccssary login information (automatically generated username and password). When the time out lapses, that entry is logged and deactivated (That IP address can no longer connect).

What do yall think? Is is too paranoid?

  • Comment on Re: Re: Send a Standard looking 404 error to unwanted vistors

Replies are listed 'Best First'.
Re: Re: Re: Send a Standard looking 404 error to unwanted vistors
by dws (Chancellor) on Oct 01, 2002 at 23:28 UTC
    What do yall think? Is is too paranoid?

    No, but your approach sounds like a royal pain-in-the-ass, and has a few rough edges to it, like "She enters the person's current ip address". How does she know? Does she rely on them knowing? How do they know? What happens when they're coming in through a proxy server (e.g., AOL) that might change IP addresses between page fetches? Yuck, yuck, yuck.

    I think you'd be better off setting up password protection for the directory. Augment it with some side bookkeeping so that you can expire users, or preallocate a number of users and hand them out on demand.

    Or, if you don't want people to even know that there's a hidden page somewhere. provide a page with an unlabeled "password" box. Provide a one-time (or time-bound) password, and be "redirected" to dynamic content. Then, all your wife has to do is hand out passwords.

[reply]

      It is a royal pain in the ass. The fact of the matter is, nothing is to much of a pain in the ass to keep unwanted people out. and away from my babies (see two of the three here krisahoch

      The people that she would give it out to are on a program called an EW-Too based talker (Resort, Central Perk), where typing the command 'x me' will display their IP address.

      She and I are in agreement, that if they can't see the website, then Oh well.

      I really like that idea about the passwords though. Thank you for the suggestion, I'll probably use it.

      Kristofer

[reply]

        Even simpler, you could just set .htaccess file that forces Basic Authentication when looking at the pictures. Sure, it's not the most secure thing, but unless you plan to pass your passwords and such via ssl or something, it's insecure, anyway. ;)

[reply]
•Re: Re: Re: Send a Standard looking 404 error to unwanted vistors
by merlyn (Sage) on Oct 02, 2002 at 04:26 UTC
    This all seems like far too much work. Just put the webpages at 
    http://yourserver/~youruser/hidden/SOMESECRETWORDOFTHEDAY/picture1.jpg
http://yourserver/~youruser/hidden/SOMESECRETWORDOFTHEDAY/picture2.jpg
http://yourserver/~youruser/hidden/SOMESECRETWORDOFTHEDAY/picture3.jpg
...

    [download]
    and then tell them to go to http://yourserver/~youruser/hidden/SOMESECRETWORDOFTHEDAY/. As long as there's an index.html at hidden (even as simple as I've got at http://www.stonehenge.com/pic/, which is my personal version of this), there'll be no listing of the contents, so no way to determine what the secret word of the day is. Change the SOMESECRETWORDOFTHEDAY frequently, and you control exactly how long someone can be out of touch with you and still see the page.

    -- Randal L. Schwartz, Perl hacker

[reply]
[d/l]

In Section Seekers of Perl Wisdom